Kiro CLI V3: Specs, Permissions, and Hooks in the Terminal Kiro released CLI V3 in early access, bringing spec-driven development, declarative permissions, and standalone hooks to the terminal for the first time. The update targets terminal-first developers and teams shipping production code through CI, but warns that V3 session files are not backward compatible with V2. Kiro just shipped CLI V3 in early access, and it resolves the platform’s most glaring gap: terminal-first developers can now run the full spec-driven workflow — requirements, design, task execution — without touching the IDE. Run kiro-cli --v3 to opt in. Your 2.x setup stays untouched. What Changed in V3 Three features define the release. Each one addresses a concrete pain point from 2.x, and together they close the gap between the IDE and the CLI entirely. 1. The Spec Agent Is Now in the Terminal Until now, Kiro’s defining feature — spec-driven development — lived exclusively in the IDE. V3 changes that. Terminal developers get the full workflow: specs in the Kiro CLI https://kiro.dev/docs/cli/v3/specs/ work the same way they do in the IDE. The process: run /spec new user-auth to start. Kiro generates a requirements.md file using EARS notation Easy Approach to Requirements Syntax, originally developed at Rolls-Royce for aerospace engineering . EARS turns fuzzy feature descriptions into machine-readable acceptance criteria: WHEN a user submits a valid email on the reset form THE SYSTEM SHALL send a one-time reset link valid for 30 minutes. WHILE a reset link is unused and unexpired THE SYSTEM SHALL allow exactly one password change before it expires. After reviewing requirements, Kiro generates design.md — architecture, sequence diagrams, component breakdown. Then tasks.md — an ordered implementation plan with dependency tracking. Run /spec run 3 and the agent executes task 3 autonomously, streaming progress without waiting for further prompts. This matters because the spec-driven workflow is what separates Kiro from every other AI coding tool. It was IDE-only until today. 2. Declarative Permissions Replace Ad-Hoc Approvals In V2, every agent action that touched the filesystem or shell spawned an approval prompt. That worked for individuals. It does not work for teams shipping production code through CI or agentic pipelines. V3 introduces capability-based permissions https://kiro.dev/docs/cli/v3/permissions/ via a permissions.yaml file. You declare exactly what the agent can do, check it into version control, and move on: permissions: - capability: shell effect: allow match: "npm " - capability: shell effect: exclude match: "npm publish " - capability: fs write effect: allow match: "src/ " One rule can allow or deny an entire category of operations across all tools. Categories include shell , fs read , fs write , and mcp . The security detail worth knowing: compound commands ; , && , || , | are split before pattern matching. A rule for npm test will not accidentally match npm test ; curl attacker.com . That is deliberate, and it is the right design decision. 3. Standalone Hook Files Hooks in V2 were embedded in a monolithic config. In V3, each hook lives at .kiro/hooks/